PT-2024-31573 · Fortinet · FortiSOAR
Published: 2024-09-11 · Updated: 2025-01-21 · CVE-2024-45327
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FortiSOAR versions 7.0.0 through 7.0.3
FortiSOAR versions 7.2.0 through 7.2.2
FortiSOAR versions 7.3.0 through 7.3.2
FortiSOAR versions 7.4.0 through 7.4.3
Description
An improper authorization issue in the change password endpoint may allow an authenticated attacker to brute-force users' and administrators' passwords via crafted HTTP requests, which could lead to unauthorized access.
Recommendations
For all affected versions (FortiSOAR 7.0.0 through 7.0.3, 7.2.0 through 7.2.2, 7.3.0 through 7.3.2, and 7.4.0 through 7.4.3), patch immediately and enforce strong password policies.
As a temporary workaround, consider restricting access to the change password endpoint until a patch is available.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
CVE-2024-45327
Affected Products
FortiSOAR